
Introduction to COBIT Presentation for the ISACA Kansas City Chapter - PowerPoint PPT Presentation


  1. Introduction to COBIT Presentation for the ISACA Kansas City Chapter ISACA Kansas City Chapter Presentation 10/12/2008 1

  2. Agenda
     - Introduction
     - IT Challenges
     - Governance Overview
     - The COBIT Framework
     - COBIT Mappings to Various Frameworks
     - Closing

  3. Agenda (section divider)
     - Introduction
     - IT Challenges
     - Governance Overview
     - The COBIT Framework
     - COBIT Mappings to Various Frameworks
     - Closing

  4. Introduction: Purpose of Presentation
     - This presentation was developed for the ISACA Kansas City chapter for educational and discussion purposes only.
     - It is our intent today to:
       - Provide a high level overview of the COBIT framework for the ISACA Kansas City chapter
       - Provide an overview of basic principles of governance that support the framework
       - Describe the high level Val IT framework
       - Illustrate how COBIT maps to other popular frameworks

  5. Introduction: Today’s Speakers
     - Mark Thomas: With over 18 years of professional experience, Mark’s background spans leadership roles from IT Director to Management and IT Consulting. Mark has led large teams in outsourced IT arrangements, conducted PMO, Service Management and governance activities for major project teams, managed enterprise applications implementations, and implemented governance processes across multiple industries. Mark has a wide array of industry experience with ‘Big Five’ type consulting in the health care, manufacturing and distribution, services, high technology, and government verticals. As the president of Escoute Consulting, Mark has forged a reputable competency as a consultative trainer and speaker in the governance space including ITIL and COBIT.
     - David Upsdell: David Upsdell’s career in the IT Services industry is rich and varied. He has developed application software, managed the IS function at various companies, consulted in information systems to client companies and managed a portfolio of IT projects. His industry experience includes high technology, dotcom startups, publishing, telecommunications and financial services. In the past year, David designed and implemented an Information Security Program for a financial services company in metropolitan Kansas City. David earned his BS in Information Systems and post-graduate Diploma in Business and has since been certified CGEIT, CISM and PMP. He has traveled to 49 of the 50 states of the USA, Europe, UK, Australia, New Zealand and Asia – and has actually lived in several of them.

  6. Agenda (section divider)
     - Introduction
     - IT Challenges
     - Governance Overview
     - The COBIT Framework
     - COBIT Mappings to Various Frameworks
     - Closing

  7. IT Challenges: Classic IT Challenges
     1. Keeping IT Running
     2. Costs
     3. Value
     4. Mastering Complexity
     5. Aligning IT with Business
     6. Regulatory Compliance
     7. Security
     8. Staffing (HR, Skills, Retention)
     9. Resources

     From itgi.org

  8. IT Challenges: 1. Keeping IT Running
     - Risks:
       - Mission critical processes can be adversely impacted
       - Productivity loss
       - Lost business, customers, revenue, profits
       - Reputational risk
     - Control Objective: Assure Continuity and Quality of IT services
     - From itgi.org

  9. IT Challenges: 2. Costs
     - Risks:
       - Excessive spend on IT
         - Gartner Group estimates that organizations waste US $600 billion a year on ill-conceived IT projects—and that includes only "sunk" cost, not unrealized value. (Gartner, “The Elusive Business Value of IT,” August 2002)
       - Lack of understanding of IT costs
       - Increasing complexity of IT assets/services
       - Mismatch of IT spending by IT Dept & Business units
       - Resource skills lacking or non-aligned
     - Control Objective: Manage costs and vendors as carefully as possible
     - From itgi.org

  10. IT Challenges: 3. Value
      - Risks:
        - Cost of IT investments outweighs the benefits
        - Expected outcomes of IT investments
        - Users’ expectations not met
        - Impaired business performance
      - Control Objective: Identify “right” IT investments, execute with excellence
      - From itgi.org

  11. IT Challenges: 4. Mastering Complexity
      - Risks:
        - Not maintaining technical competencies
        - Integration of new systems/business units
        - Lack of standardization
        - Not adaptable to change
        - Not taking advantage of technology improvements
        - Not managing vendors & service providers
      - Control Objective: Organize & manage IT to be adaptable & flexible
      - From itgi.org

  12. IT Challenges: 5. Aligning IT With Business
      - Risks:
        - Poorly defined business requirements and/or business drivers
        - Prioritization mismatch between IT & business
        - Increasing complexity – beyond ability to manage
        - Lack of Business Unit sponsorship
        - Communication gaps between business & IT
      - Control Objective: Ensure IT links with the business to deliver value
      - From itgi.org

  13. IT Challenges: 6. Regulatory Compliance
      - Risks:
        - Ability to do business – at all! Cease & desist!
        - Penalty Costs
        - Reputational risk
      - Control Objective: Ensure compliance with all relevant regulations and contracts
      - From itgi.org

  14. IT Challenges: 7. Security
      - Risks:
        - Exposure/corruption of information
        - Take down systems and applications
        - Loss of IP and business intelligence
        - Abuse/misuse of information
        - Ability to do business
      - Control Objective: Ensure IT security is sufficient to reduce risk to an acceptable level
      - From itgi.org

  15. IT Challenges: 8. Staffing
      - Risks:
        - Insufficient coverage can expose the business to poor performance in all other areas
        - Not adaptable to change
        - Attracting, retaining and maintaining required skills
        - Skills not adequate to grow new business demands
        - Ability to do business
      - Control Objective: Ensure IT staffing is skilled and adequate in cover
      - From itgi.org

  16. IT Challenges: 9. Resources
      - Risks:
        - Adverse performance in all previous challenges
        - Ability to do business
      - Objective: Ensure IT resources are sufficient
      - From itgi.org

  17. IT Challenges: Best Practices for IS
      - Key component processes performed by all IS organizations (Dr Colin Boswell, DECUS conference 1993)
      - From Dr. Colin Boswell

  18. IT Challenges: Provision of User Services
      - Service Level monitoring
      - User satisfaction surveys
      - Training
      - Documentation
      - Help Desk
      - From Dr. Colin Boswell

  19. IT Challenges: Strategy and Planning
      - Management commitment
      - IS Strategic Plan
      - Audit and review
      - International standards
      - Reporting procedures
      - From Dr. Colin Boswell

  20. IT Challenges: Service Level Management
      - Service level agreements
      - Agreeing service levels
      - Performance monitoring and reporting
      - External service providers
      - From Dr. Colin Boswell

  21. IT Challenges: Service Availability and Security
      - Computer operations
      - Network operations
      - Capacity planning and management
      - Software availability
      - Hardware availability and maintenance
      - Environmental services
      - Risk management and disaster recovery planning
      - Security
      - From Dr. Colin Boswell

  22. IT Challenges: Cost Management
      - The cost of service provision
      - Cost reporting
      - Cost justification
      - Procurement
      - Third party service providers
      - From Dr. Colin Boswell

  23. IT Challenges: Human Resources
      - Human resources issues
      - Contract vs. permanent staff
      - From Dr. Colin Boswell

  24. IT Challenges: Systems Development and Acquisitions
      - The project approach to systems development or acquisitions
      - Systems development
      - System acquisition
      - User control
      - Audit requirements and security
      - Cost justification
      - Quality and standards
      - User developed PC systems
      - From Dr. Colin Boswell

  25. IT Challenges: Testing and Implementation
      - Testing
      - Implementation
      - Documentation
      - Training
      - User acceptance and sign off
      - Post implementation review
      - From Dr. Colin Boswell

  26. IT Challenges: Project Management
      - Project ownership
      - Project scope
      - Project planning
      - Project monitoring, control and reporting
      - User involvement
      - From Dr. Colin Boswell

  27. IT Challenges: Problem Management
      - Problem management procedures
      - Help Desk
      - From Dr. Colin Boswell

  28. IT Challenges: Change Management
      - Co-ordination
      - Priority and urgency
      - Span of authority
      - From Dr. Colin Boswell

  29. Agenda (section divider)
      - Introduction
      - IT Challenges
      - Governance Overview
      - The COBIT Framework
      - COBIT Mappings to Various Frameworks
      - Closing
